VAR-202201-0275
Vulnerability from variot - Updated: 2023-12-18 12:34Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level. Various Silicon Labs Z-Wave chipsets do not support encryption, can be downgraded to not use weaker encryption, and are vulnerable to denial of service. Some of these vulnerabilities are inherent in Z-Wave protocol specifications.CVE-2020-10137 Unknown CVE-2020-9057 Affected Vendor Statement: This is a known weakness with unencrypted traffic. S0 and S2 security can encrypt application data. CVE-2020-9058 Affected Vendor Statement: This is a known weakness with unencrypted traffic. S0 and S2 can encrypt application data. CVE-2020-9059 Affected Vendor Statement: This is a known weakness with S0 security. CVE-2020-9060 Affected Vendor Statement: This is a known weakness with S2 security. CVE-2020-9061 Affected Vendor Statement: This is a known weakness with S0 and S2 security.CVE-2020-10137 Unknown CVE-2020-9057 Affected Vendor Statement: This is a known weakness with unencrypted traffic. S0 and S2 security can encrypt application data. CVE-2020-9058 Affected Vendor Statement: This is a known weakness with unencrypted traffic. S0 and S2 can encrypt application data. CVE-2020-9059 Affected Vendor Statement: This is a known weakness with S0 security. CVE-2020-9060 Affected Vendor Statement: This is a known weakness with S2 security. CVE-2020-9061 Affected Vendor Statement: This is a known weakness with S0 and S2 security
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0275",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "be468",
"scope": "eq",
"trust": 1.0,
"vendor": "schlage",
"version": "3.42"
},
{
"model": "500 series",
"scope": "eq",
"trust": 1.0,
"vendor": "silabs",
"version": "*"
},
{
"model": "500 \u30b7\u30ea\u30fc\u30ba",
"scope": null,
"trust": 0.8,
"vendor": "silicon",
"version": null
},
{
"model": "be468",
"scope": null,
"trust": 0.8,
"vendor": "schlage",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"db": "NVD",
"id": "CVE-2020-9059"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:silabs:500_series_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schlage:be468:3.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9059"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This document was written by Timur Snoke and Art Manion.Statement Date:\u00a0\u00a0 June 30, 2020",
"sources": [
{
"db": "CERT/CC",
"id": "VU#142629"
}
],
"trust": 0.8
},
"cve": "CVE-2020-9059",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-9059",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-187184",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-9059",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-9059",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-579",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-187184",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187184"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"db": "NVD",
"id": "CVE-2020-9059"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-579"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level. Various Silicon Labs Z-Wave chipsets do not support encryption, can be downgraded to not use weaker encryption, and are vulnerable to denial of service. Some of these vulnerabilities are inherent in Z-Wave protocol specifications.CVE-2020-10137 Unknown\nCVE-2020-9057 Affected\nVendor Statement:\nThis is a known weakness with unencrypted traffic. S0 and S2 security can encrypt application data. \nCVE-2020-9058 Affected\nVendor Statement:\nThis is a known weakness with unencrypted traffic. S0 and S2 can encrypt application data. \nCVE-2020-9059 Affected\nVendor Statement:\nThis is a known weakness with S0 security. \nCVE-2020-9060 Affected\nVendor Statement:\nThis is a known weakness with S2 security. \nCVE-2020-9061 Affected\nVendor Statement:\nThis is a known weakness with S0 and S2 security.CVE-2020-10137 Unknown\nCVE-2020-9057 Affected\nVendor Statement:\nThis is a known weakness with unencrypted traffic. S0 and S2 security can encrypt application data. \nCVE-2020-9058 Affected\nVendor Statement:\nThis is a known weakness with unencrypted traffic. S0 and S2 can encrypt application data. \nCVE-2020-9059 Affected\nVendor Statement:\nThis is a known weakness with S0 security. \nCVE-2020-9060 Affected\nVendor Statement:\nThis is a known weakness with S2 security. \nCVE-2020-9061 Affected\nVendor Statement:\nThis is a known weakness with S0 and S2 security",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9059"
},
{
"db": "CERT/CC",
"id": "VU#142629"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"db": "VULHUB",
"id": "VHN-187184"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9059",
"trust": 4.2
},
{
"db": "CERT/CC",
"id": "VU#142629",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU94598199",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017816",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202201-579",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-187184",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-9059",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#142629"
},
{
"db": "VULHUB",
"id": "VHN-187184"
},
{
"db": "VULMON",
"id": "CVE-2020-9059"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"db": "NVD",
"id": "CVE-2020-9059"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-579"
}
]
},
"id": "VAR-202201-0275",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-187184"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:34:41.692000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page Silicon\u00a0Labs,\u00a0Inc.Silicon\u00a0Labs,\u00a0Inc.",
"trust": 0.8,
"url": "https://www.schlage.com/en/home.html"
},
{
"title": "Silicon Labs Z-Wave Chipsets Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=178622"
},
{
"title": "VFuzz-public",
"trust": 0.1,
"url": "https://github.com/cnk2100/vfuzz-public "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-9059"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-579"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.1
},
{
"problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-400",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187184"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"db": "NVD",
"id": "CVE-2020-9059"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/cnk2100/vfuzz-public"
},
{
"trust": 2.5,
"url": "https://kb.cert.org/vuls/id/142629"
},
{
"trust": 2.5,
"url": "https://ieeexplore.ieee.org/document/9663293"
},
{
"trust": 1.7,
"url": "https://www.kb.cert.org/vuls/id/142629"
},
{
"trust": 1.7,
"url": "https://doi.org/10.1109/access.2021.3138768"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9059"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94598199/index.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187184"
},
{
"db": "VULMON",
"id": "CVE-2020-9059"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"db": "NVD",
"id": "CVE-2020-9059"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-579"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#142629"
},
{
"db": "VULHUB",
"id": "VHN-187184"
},
{
"db": "VULMON",
"id": "CVE-2020-9059"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"db": "NVD",
"id": "CVE-2020-9059"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-579"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-07T00:00:00",
"db": "CERT/CC",
"id": "VU#142629"
},
{
"date": "2022-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-187184"
},
{
"date": "2023-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"date": "2022-01-10T14:10:16.303000",
"db": "NVD",
"id": "CVE-2020-9059"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-579"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-09T00:00:00",
"db": "CERT/CC",
"id": "VU#142629"
},
{
"date": "2022-09-20T00:00:00",
"db": "VULHUB",
"id": "VHN-187184"
},
{
"date": "2023-02-10T08:29:00",
"db": "JVNDB",
"id": "JVNDB-2021-017816"
},
{
"date": "2022-09-20T17:16:54.653000",
"db": "NVD",
"id": "CVE-2020-9059"
},
{
"date": "2022-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-579"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-579"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Silicon Labs Z-Wave chipsets contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#142629"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-579"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…